The Future of Zero Trust and SASE is Now! Register now

close
close
The platform of the future is Netskope

Intelligent Security Service Edge (SSE), Cloud Access Security Broker (CASB), Cloud Firewall, Next Generation Secure Web Gateway (SWG), and Private Access for ZTNA built natively into a single solution to help every business on its journey to Secure Access Service Edge (SASE) architecture.

Go to Products Overview
Netskope video
Next Gen SASE Branch is hybrid — connected, secured, and automated

Netskope Next Gen SASE Branch converges Context-Aware SASE Fabric, Zero-Trust Hybrid Security, and SkopeAI-powered Cloud Orchestrator into a unified cloud offering, ushering in a fully modernized branch experience for the borderless enterprise.

Learn about Next Gen SASE Branch
People at the open space office
Designing a SASE Architecture For Dummies

Get your complimentary copy of the only guide to SASE design you’ll ever need.

Get the eBook
Embrace a Secure Access Service Edge (SASE) architecture

Netskope NewEdge is the world’s largest, highest-performing security private cloud and provides customers with unparalleled service coverage, performance and resilience.

Learn about NewEdge
NewEdge
Your Network of Tomorrow

Plan your path toward a faster, more secure, and more resilient network designed for the applications and users that you support.

Get the white paper
Your Network of Tomorrow
Netskope Cloud Exchange

The Netskope Cloud Exchange (CE) provides customers with powerful integration tools to leverage investments across their security posture.

Learn about Cloud Exchange
Netskope video
Make the move to market-leading cloud security services with minimal latency and high reliability.

Learn about NewEdge
Lighted highway through mountainside switchbacks
Safely enable the use of generative AI applications with application access control, real-time user coaching, and best-in-class data protection.

Learn how we secure generative AI use
Safely Enable ChatGPT and Generative AI
Zero trust solutions for SSE and SASE deployments

Learn about Zero Trust
Boat driving through open sea
Netskope achieves FedRAMP High Authorization

Choose Netskope GovCloud to accelerate your agency’s transformation.

Learn about Netskope GovCloud
Netskope GovCloud
  • Resources chevron

    Learn more about how Netskope can help you secure your journey to the cloud.

  • Blog chevron

    Learn how Netskope enables security and networking transformation through security service edge (SSE).

  • Events & Workshops chevron

    Stay ahead of the latest security trends and connect with your peers.

  • Security Defined chevron

    Everything you need to know in our cybersecurity encyclopedia.

Security Visionaries Podcast

Cookies, Not Biscuits
Host Emily Wearmouthas sits down with experts David Fairman and Zohar Hod to discuss the past, present, and future of internet cookies.

Play the podcast
Podcast: Cookies, Not Biscuits
Latest Blogs

How Netskope can enable the Zero Trust and SASE journey through security service edge (SSE) capabilities.

Read the blog
Sunrise and cloudy sky
SASE Week 2023: Your SASE journey starts now!

Replay sessions from the fourth annual SASE Week.

Explore sessions
SASE Week 2023
What is Security Service Edge?

Explore the security side of SASE, the future of network and protection in the cloud.

Learn about Security Service Edge
Four-way roundabout
We help our customers to be Ready for Anything

See our Customers
Woman smiling with glasses looking out window
Netskope’s talented and experienced Professional Services team provides a prescriptive approach to your successful implementation.

Learn about Professional Services
Netskope Professional Services
The Netskope Community can help you and your team get more value out of products and practices.

Go to the Netskope Community
The Netskope Community
Secure your digital transformation journey and make the most of your cloud, web, and private applications with Netskope training.

Learn about Training and Certifications
Group of young professionals working
  • Company chevron

    We help you stay ahead of cloud, data, and network security challenges.

  • Why Netskope chevron

    Cloud transformation and work from anywhere have changed how security needs to work.

  • Leadership chevron

    Our leadership team is fiercely committed to doing everything it takes to make our customers successful.

  • Partners chevron

    We partner with security leaders to help you secure your journey to the cloud.

Supporting sustainability through data security

Netskope is proud to participate in Vision 2045: an initiative aimed to raise awareness on private industry’s role in sustainability.

Find out more
Supporting Sustainability Through Data Security
Highest in Execution. Furthest in Vision.

Netskope recognized as a Leader in the 2023 Gartner® Magic Quadrant™ for Security Service Edge.

Get the report
Netskope recognized as a Leader in the 2023 Gartner® Magic Quadrant™ for Security Service Edge.
Thinkers, builders, dreamers, innovators. Together, we deliver cutting-edge cloud security solutions to help our customers protect their data and people.

Meet our team
Group of hikers scaling a snowy mountain
Netskope’s partner-centric go-to-market strategy enables our partners to maximize their growth and profitability while transforming enterprise security.

Learn about Netskope Partners
Group of diverse young professionals smiling

Financial Services is Leading the Pack in Placing Controls Around ChatGPT

Jun 29 2023

ChatGPT use is increasing exponentially in the enterprise, where users are submitting sensitive information to the chat bot, including proprietary source code, passwords and keys, intellectual property, and regulated data. In response, organizations have put controls in place to limit the use of ChatGPT.  Financial services leads the pack, with nearly one in four organizations implementing controls around ChatGPT. This blog post explores which types of controls have been implemented in various industries.

Controlling ChatGPT

ChatGPT controls are most popular in the financial services sector, where nearly one in four organizations have implemented controls around its use. Unsurprisingly, ChatGPT adoption is also lowest in financial services, indicating that the controls put in place there were largely preventative, blocking users from the platform. 

Interestingly, ChatGPT controls are in place in one in five technology organizations, putting it in second place. However, these controls have not had the same effect: ChatGPT adoption is highest in technology organizations. How could this be true? The answer lies in the types of controls that have been implemented.

Types of ChatGPT Controls

This post explores four different types of controls that organizations have implemented to monitor and control ChatGPT use.

Alert policies

Alert policies are informational controls. Their purpose is solely to provide visibility into how users in the organization are interacting with ChatGPT. Often, they are coupled with DLP policies to provide visibility into potentially sensitive data being posted to ChatGPT. Alert policies are often used during a learning phase to explore the effectiveness and impact of a blocking control, and are commonly converted to block policies after they have been tuned and tested.

User coaching policies

User coaching policies provide context to the users who trigger them, empowering the user to decide whether or not they wish to continue. User coaching policies are often coupled with DLP policies, where they can be used to notify the user that the data they are posted to ChatGPT appears to be sensitive in nature. The user is typically reminded of company policy and asked whether or not they wish to continue. For example, if the company policy is not to upload proprietary source code to ChatGPT, but the user is uploading some open source code, they may opt to continue with the submission after the notification. For ChatGPT user coaching policies, users click proceed 57% of the time.

DLP policies

DLP policies provide organizations to allow access to ChatGPT, but control the posting of sensitive data in prompts. DLP policies are configured by the organization to trigger on every post to ChatGPT and inspect the content of the post before allowing it through. The most common policies focus on proprietary source code, passwords and keys, intellectual property, and regulated data.

Block policies

The most draconian type of policy is a policy that outright blocks all use of ChatGPT. Users are not allowed any interaction with the app: they cannot login, post prompts, or sometimes even visit the login page itself.  

Popularity of ChatGPT Controls

The following chart shows which percentage of organizations in each of the seven verticals have implemented each of the control types. Financial services leads in terms of block policies, where nearly 17% of organizations outright block ChatGPT. DLP policies controlling exactly what can be posted to ChatGPT are also most popular among financial services and healthcare, both highly regulated industries. State, local government, and educational institutions (SLED) have the lowest overall adoption of ChatGPT controls and also the lowest adoption of user coaching policies, DLP policies, and block policies.

So how is it that technology companies lead in terms of ChatGPT usage and are second in terms of ChatGPT controls? The types of controls they implement are generally less draconian than other organizations. Technology organizations lead for alert only policies designed to provide visibility only, and only SLED has a lower percentage of organizations that enact block policies. Technology organizations use DLP and user coaching policies at similar rates to other verticals. In summary, what this means is that technology organizations aim to enable their users access to ChatGPT, while closely monitoring its use and implementing targeted controls where appropriate.

Safely enabling ChatGPT

Netskope customers can safely enable the use of ChatGPT with application access control, real-time user coaching, and data protection.

About this blog post

Netskope provides threat and data protection to millions of users worldwide. Information presented in this blog post is based on anonymized usage data collected by the Netskope Security Cloud platform relating to a subset of Netskope customers with prior authorization. Stats are based on the period starting on May 8, 2023 through June 4, 2023. Stats are a reflection of both user behavior and organization policy.

author image
Ray Canzanese
Ray is the Director of Netskope Threat Labs, which specializes in cloud-focused threat research. His background is in software anti-tamper, malware detection and classification, cloud security, sequential detection, and machine learning.

Stay informed!

Subscribe for the latest from the Netskope Blog